12/06/2005 18:01 FAX 216 696 8731 
10/083,010 



AMIN, & TUROCY LLP. 



EJ007 



MS 1 9043 8.0 1/MSFTP3 1 9US 



Remarks 

Claims 1-33 are currently pending in the subject application and are presently under 
consideration. Claims 1, 18, 27, 28, 31 and 33 have been amended. Claims 2, 19 and 30 have 
been canceled. A version of these claims is on pages 2-7 of this Reply- 
Favorable reconsideration of the subject patent application is respectfully requested in 
view of the comments and amendments herein. 

L Rejection of Claims 1-17.27-33 Under 35 U.S.C. S101 

Claims 1-17, 27-33 stand rejected under 35 U.S.C. §101 because the claimed invention is 
directed to non-statutory subject matter. Claims I, 27-28, 3 1 and 33 have been amended to more 
fully define the statutory subject matter of the subject claims. These changes further define that 
the system is directed to a practical application involving patentable subject matter. Claims 1 , 
27, 28, 31 and 33, as presently amended, now recite a computer implemented system comprising 
computer executable components facilitating a security connection between entities. Thus, 
claims 1, 27, 28, 3 1 and 33 are not drafted only in terms of cc matheTriatical steps operating on 
abstract data and producing abstract data." The claimed system requires the creation of data that 
will be used in a process representing a practical application, i.e., processing credentials to 
facilitate a security connection between entities and thus, claims 1, 27, 28, 31 and 33 represent 
patentable subject matter. In light of the present amendments, this rejection is moot and should 
be withdrawn. 

H. Rejection of Claims 1, 3, 4, 17, 18, 23, 27-30. 33 Under 35 U.S.C. S102rtrt 

Claims 1, 3, 4, 17, 18, 23, 27-30, 33 stand rejected under 35 U.S.C. §102(b) as being 
anticipated by Lee et at ("A secure electronic software distribution (ESD) protocol based on 
PKC" by Lee et at, EC-Web 2000, LNCS 1875, pp. 63-71, 2000). It is respectfully submitted 
that this rejection should be withdrawn for at least the following reasons. Lee et ah does not 
anticipate each and every element as set forth in the subject claims. 

A single prior art reference anticipates a patent claim only if it 
expressly or inherently describes each and every limitation set 
forth in the patent claim. Trintec Industries, Inc. v. Top-U.&A. 
Corp., 295 R3d 1292, 63 USPQ2d 1597 (Fed. Cir. 2002); See 
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Verdegaal Bros. v. Union Oil Co. of California, 814 F.2d 628, 631, 
2 USPQ2d 1051, 1053 (Fed. Cir. 1987). The identical invention 
must be shown in as complete detail as is contained in the ... 
claim. Richardson v. Suzuki Motor Co., 868 F.2d 1226, 9 USPQ2d 
1913, 1920 (Fed. Cir. 1989). 

The claimed invention relates to a system and methodology to facilitate secure network 
communications between remote network entities or parties to a transaction. This is achieved by 
providing a strong set of security credentials between a master entity such as a service and a 
remote entity such as a partner. In conjunction with the strong set of security credentials, a 
protocol is provided that acts as a package, wrapper or container to house the security credentials 
before delivery from the service to the partner to facilitate secure communications between the 
parties. 

More particularly, independent claim 1 (and similarly independent claim 28) recites a 
computer implemented system for processing credentials, comprising a wrapper that packages 
credentials associated with resources of a service; and a pass-phrase employed in connection 
with generation of the wrapper, the pass-phrase employed to facilitate access to the credentials, 
the credentials employed to facilitate access to the resources of the service, and the pass-phrase 
distributed separately from the credentials. Lee et al does not expressly or inherently disclose 
the aforementioned novel aspects of applicants* invention as recited in the subject claims. 

Lee et al discloses a secure electronic software distribution (ESD) protocol based on 
public key cryptography (PKC). When a customer completes a software purchase, a merchant 
server sends an electronic license to the customer via email. When a customer executes an 
installation program, the program first connects to the authentication agent using a loopback 
address and predefined port. The authentication agent decrypts using the merchant server's 
public key and sends the message to the installation program. The installation program then 
extracts the message, authenticates it and generates a timestamp. (See pages 67-68). 

At Page 13 of the Office Action (dated September 16, 2005), the Examiner acknowledges 
that Lee et al fails to disclose that the pass-phrase is distributed separately from the credentials. 
Claims 1 and 28 have been amended to incorporate the pass-phxase being distributed separately 
from the credentials. In light of the present amendments, this rejection is moot and should be 
withdrawn. 
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Independent claim 18 (and similarly independent claims 27 and 33) recites a method and 
system of facilitating a security connection between entities, comprising, generating a strong 
password; generating a pass-phrase; wrapping the password cryptographically via the pass- 
phrase; storing the wrapped password in an executable; and transmitting the executable and 
the pass-phra$e to a system via different communications mediums. 

At Page 13 of the Office Action (dated September 16, 2005), the Examiner acknowledges 
that Lee et al fails to disclose that the executable and the pass-phrase are transmitted to a system 
via different communications mediums. Claim 1 8 has been amended to incorporate the step of 
transmitting the executable and the pass-phrase to a system via different communications 
mediums. Independent claims 27 and 33 recite similar limitations with respect to the 
transmission of the executable and the pass-phrase to a system via different communications 
mediums. The rejection of these claims should be withdrawn. 

In view of at least the above, it is readily apparent that Lee et al fails to expressly or 
inherently disclose applicants' claimed invention as recited in independent claims 1, 18, 27, 28 
and 33 (and claims 3-4, 17, 23 and 29-30 which respectively depend there from). Accordingly, it 
is respectfully requested that these claims be deemed allowable. 

in. Rejection of Claims 2. 5-11, 19. 20 and 26 Under 35 U.S,C. S103(al 

Claims 2, 5-11, 19, 20 and 26 stand rejected under 35 U.S.C. §103(a) as being 
unpatentable over Lee et al in view of Ramakrishnan ("Java based E-commerce middleware" by 
Sub Ramakrishnan, 2001 IEEE). It is respectfully submitted that this rejection should be 
withdrawn for the following reasons. Lee et al and Ramakrishnan, individually or in 
combination, do not teach or suggest each and every element set forth in the subject claims. 

To reject claims in an application under §103, an examiner must show an 
unrebutted prima facie case of obviousness. A prima facie case of 
obviousness is established by a showing of three basic criteria. First, 
there must be some suggestion or motivation, either in the references 
themselves or in the knowledge generally available to one of ordinary 
skill in the art, to modify the reference or to combine reference 
teachings. Second, there must be a reasonable expectation of success. 
Finally, the prior art reference (or references when combined) must teach 
or suggest all the claim limitations. See MPEP §706.02(j). The teaching 
or suggestion to make the claimed combination and the reasonable 
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expectation of success must both be found in the prior art and not based 
on applicants' disclosure. See In re Vaeck 947 F.2d 488, 20 USPQ2d 
1438 (Fed. Cir. 1991). 

As stated above, applicants' claimed invention relates to a system and methodology to 
facilitate secure network communications between remote network entities or parties to a 
transaction. More particularly, independent claims 1 and 18 recite similar limitations, namely: a 
system and method for facilitating a security connection between entities, comprising a wrapper 
that packages credentials associated with resources of a service; and a pass-phrase employed in 
connection with generation of the wrapper, the pass-phrase employed to facilitate access to the 
credentials, the credentials employed to facilitate access to the resources of the service, and the 
pass-phrase distributed separately from the credentials. Lee et al and Ramakrishnan, 
individually or in combination, fail to teach or suggest such aspects of the claimed invention. 

Lee et al relates to a secure electronic software distribution (ESD) protocol based on 
public key cryptography (PKC). When a customer completes a software purchase, a merchant 
server sends an electronic license to the customer via email. When a customer executes an 
installation program, the program first connects to the authentication agent using a loopback 
address and predefined port The authentication agent decrypts using the merchant servers 
public key and sends the message to the installation program. The installation program then 
extracts the message, authenticates it and generates a timestamp. (See pages 67-68). At Page 13 
of the Office Action (dated September 16, 2005), the Examiner acknowledges that Lee et at. fails 
to disclose that the pass-phrase is distributed separately from the credentials, as disclosed in the 
subject claims. 

Ramakrishnan does not make up for the aforementioned deficiencies of Lee et al with 
respect to independent claims 1 and 1 8 (which claims 5- 1 1 , 20 and 26 respectively depend there 
from). Ramakrishnan relates to the development of a secure middleware application in Java that 
connects the web hosting database with the corporate backend database. A secure, client-server 
application is developed to link the two databases: the java client at the web hosting end securely 
transfers orders from the local database, to the corporate database via the server at the corporate 
enterprise. The client and server communication is over a socket, which is protected for privacy. 
The socket connection stays open as long as there are active orders, and is disconnected during 
long periods of no activity, (See pages 1-2). 
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As stated above, teachings of references can be combined only if there is some suggestion 
or incentive to do so. Here, neither the nature of the problem to be solved, the teachings in the 
cited art, nor the knowledge of persons of ordinary skill provide sufficient suggestion or 
motivation to combine the references. Instead, the Office Action relies on improper hindsight in 
reaching his obviousness determination, Lee et al and Ramakrishnan cannot be combined to 
make the claimed invention obvious because there is not proper suggestion or motivation to 
combine the references' teachings to create the subject matter recited in independent claims 1 
and 1 8. Lee et al is directed to a secure ESD protocol; while Ramakrishnan is directed to a Java 
based E-commerce middleware. Accordingly, neither Lee et al nor Ramakrishnan provide any 
motivation to modify the secure protocol of Lee et al as suggested in the present Office Action. 
Thus, the contention that separately distributing the pass-phrase from the credentials would have 
been obvious in view of the teachings of Lee et al and Ramakrishnan constitutes nothing more 
than hindsight speculation. 

Moreover, the combination of Lee et al, and Ramakrishnan does not teach the claimed 
invention. Specifically, utilizing a typed-in pass-phrase in an encryption algorithm does not read 
on the presently claimed system for facilitating a security connection between entities 
comprising a wrapper that packages credentials and a pass-phrase which is distributed 
separately from the wrapper to facilitate access to the wrapper. Accordingly, the combination of 
Lee et al and Ramakrishnan, i.e., the addition of a pass-phrase which is typed-in, does not render 
the presently claimed invention obvious. 

In view of the aforementioned deficiencies of Lee et al and Ramakrishnan, and because 
the requisite teaching or suggestion to combine the elements in the manner suggested is absent 
from the cited references, it is respectfully submitted that this rejection be withdrawn with 
respect to independent claims 1 and 18 (which claims 5-U, 20 and 26 depend respectively there 
from). 

Claims 2 and 19 have been canceled - as such the rejection is moot with respect to claims 
2 and 19. 

IV. Rejection of Claims 13-16, 21, 22, 31 and 32 Under 35 IL3.C. S103(a^ 

Claims 13-16, 21, 22, 31 and 32 stand rejected under 35 U.S.C. §103(a) as being 
unpatentable over Lee et al in view of Brainard ("SecurSight: An overview for secure 
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information access" by John G, Brainard, RSA Laboratories), It is respectfully submitted that 
this rejection should be withdrawn for the following reasons. Lee et al and Brainard, 
individually or in combination, do not teach or suggest each and every element set forth in the 
subject claims. In particular, Brainard does not make up for the aforementioned deficiencies of 
Lee etal with respect to independent claims 1, 18 and 31 (which claims 13-16, 21, 22 and 32 
depend from). Thus, the subject invention as recited in claims 13-16, 21, 22, 31 and 32 is not 
obvious over the combination of Lee et al and Brainard, and withdrawal of this rejection is 
requested, 

V. Rejection of Claims 24 and 25 Under 35 U.S.C. S103(a1 

Claims 24 and 25 stand rejected under 35 U.S.C, § 103(a) as being unpatentable over Lee 
et al. in view of Chatani et al (U.S. 2002/0104019). It is respectfully submitted that this 
rejection should be withdrawn for the following reasons. Lee ei al and Chatani et al , 
individually or in combination, do not teach or suggest each and every element set forth in the 
subject claims. In particular, Chatani et al does not make up for the aforementioned deficiencies 
of Lee et al with respect to independent claim 18 (which claims 24 and 25 depend from). Thus, 
the subject invention as recited in claims 24 and 25 is not obvious over the combination of Lee et 
al and Chatani et al, and withdrawd of this rejection is requested. 
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Conclusion 

The present application is believed to be in condition for allowance in view of the above 
comments and amendments. A prompt action to such end is earnestly solicited. 

In the event any fees are due in connection with this document, the Commissioner is 
authorized to charge those fees to Deposit Account No. 50-1063 [MSFTP319US]. 

Should the Examiner believe a telephone interview would be helpful to expedite 
favorable prosecution, the Examiner is invited to contact applicants' undersigned representative 
at the telephone number below. 



Respectfully submitted, 

AMIN & TUROCY, LLP 




Himanshu S. Amin 
Reg. No. 40,894 



AMIN & TUROCY, LLP 
24 th Floor, National City Center 
1900 E. 9 th Street 
Cleveland, Ohio 441 14 
Telephone (216) 696-8730 
Facsimile (216)696-8731 
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